Enrico_C Posted January 27, 2004 Share Posted January 27, 2004 ============================================================================== Previewing raw email. Use your browser's back button to return to menu. ============================================================================== Return-Path: <ravms[at]mail.univaq.it> Delivered-To: spamcop-net- [myaddress] [at] spamcop.net Received: (qmail 1073 invoked from network); 27 Jan 2004 13:10:51 -0000 Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by blade1.cesmail.net with SMTP; 27 Jan 2004 13:10:51 -0000 Received: (qmail 1001 invoked from network); 27 Jan 2004 13:10:51 -0000 Received: from mail.univaq.it (192.150.195.10) by mailgate.cesmail.net with SMTP; 27 Jan 2004 13:10:50 -0000 Received: from mail (mail [192.150.195.10]) by mail.univaq.it (8.12.2+Sun/8.12.2) with SMTP id i0RD8fHw009073; Tue, 27 Jan 2004 14:08:41 +0100 (CET) X-RAV-AntiVirus: This e-mail has been scanned for viruses on host: mail.univaq.it Message-Id: <200401271308.i0RD8fHw009073[at]mail.univaq.it> From: "RAV AntiVirus" <ravms[at]univaq.it> To: [myaddress] [at]spamcop.net Subject: RAV Antivirus: risultati di scan Date: Tue, 27 Jan 2004 14:08:41 +0100 Importance: high X-MSMail-Priority: 1 X-Priority: 1 X-Mailer: ravmd/8.4.1 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on blade1 X-spam-Level: **** X-spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60 X-SpamCop-Checked: 192.168.1.101 192.150.195.10 192.150.195.10 X-SpamCop-Disposition: Blocked SpamAssassin=4 Attenzione ! Il file infetto e' stato salvato nella directory quarantena con il nome: 1075208921-dfi0RD8eHw009047. Il file (part0003:readme.zip)->readme.htm .exe allegato al messaggio (con oggetto:Returned mail: see transcript for details) inviato da mailer-daemon to [myaddress] [at]spamcop.net e' infettato con il virus: Win32/Mydoom.A[at]mm. Questo file non puo' essere disinfettato. Questo file non puo' essere cancellato (probabilmente e' parte di un archivio compresso). Il messaggio non e' stato consegnato perche' contiene codice pericoloso. -------------- RAV AntiVirus for SunOS sparc version: 8.4.1 (snapshot-20030214) Scan engine 8.11 for sparc. Last update: Tue, 27 Jan 2004 04:03:51 +01 Scanning for 89279 malwares (viruses, trojans and worms). Link to comment Share on other sites More sharing options...
michaell Posted January 27, 2004 Share Posted January 27, 2004 X-RAV-AntiVirus: This e-mail has been scanned for viruses onĀ host: mail.univaq.it ... From: "RAV AntiVirus" <ravms[at]univaq.it> ... X-SpamCop-Checked: 192.168.1.101 192.150.195.10 192.150.195.10 X-SpamCop-Disposition: Blocked SpamAssassin=4 This wasn't from Spamcop's AV scanner. It was sent by a scanner at univaq.it, in response to a virus which had your address on it - that doesn't mean you sent the virus, but it is the reason that you get the response. Spamcop's spamassassin decided that this notification was spam, based on the priority and MIME headers generated by the silly RAV system. Link to comment Share on other sites More sharing options...
Enrico_C Posted January 27, 2004 Author Share Posted January 27, 2004 Thank you! I should have thought it can't be from SC, as it comes from univaq.it , an Italian server! Silly question of mine! Actually the Italian text says they found a virus in a message addressed to me, not from me Il file (part0003:readme.zip)->readme.htm .exe allegato al messaggio (con oggetto:Returned mail: see transcript for details) inviato da mailer-daemon to [myaddress] [at]spamcop.net e' infettato con il virus: Win32/Mydoom.A[at]mm. That means more or less: The attached file (part0003:readme.zip)->readme.htm .exe in a message (with subject: Returned mail: see transcript for details) sent from mailer-daemon to [myaddress] [at]spamcop.net is infected with virus: Win32/Mydoom.A[at]mm. Do you think it is really from RAV or might be a fake? Anyway, I am not going to report that as spam to Spamcop, as it is not. Link to comment Share on other sites More sharing options...
jefft Posted January 27, 2004 Share Posted January 27, 2004 Do you think it is really from RAV or might be a fake? Anyway, I am not going to report that as spam to Spamcop, as it is not. It's almost certainly real. The virus is exploding all over today. Someone tried to send you a virus through that mail server and the mail server caught it and sent you the notification instead. We used to do that, too, (send notifications) but some of the more recent viruses have just been too active and we were sending way too many notifications. So, now, we just throw the viruses away and don't even tell the recipient. So much of the virus is forged, anyway, that usually the recipient couldn't even figure out who it really came from to tell them. JT Link to comment Share on other sites More sharing options...
Enrico_C Posted January 28, 2004 Author Share Posted January 28, 2004 That makes sense For the record, it was the first time I received a virus notification from the *sender*'s mailserver. Anyway, I guess someone should tell the RAV guys their notices are sort of malformed, aren't they?, and thus likely to be considered "spam"! Here's what SpamAssassin said: X-spam-Status: hits=4.6 tests=MISSING_MIMEOLE,MISSING_OUTLOOK_NAME, X_PRIORITY_HIGH,X_PRI_MISMATCH_HI version=2.60 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.